Hackers abuse .arpa DNS and ipv6 to evade phishing defenses

Threat actors are abusing the special-use ".arpa" domain and IPv6 reverse DNS in phishing campaigns that more easily evade ...

Termite ransomware breaches linked to ClickFix CastleRAT attacks

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.
Opinion
Security BoulevardOpinion

The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors

Millions installed 'productivity' Chrome extensions that became malware after acquisition. Here's how browser extensions became enterprise security's weakest link.
PCMag

Wikipedia Forced to Lock Down Edits Over JavaScript That Could Delete Pages

The nonprofit that oversees Wikipedia briefly enforced a 'read-only' mode on Thursday morning as users spotted code designed to delete articles and place Russian text in the edit summary.
PCMag Australia

$20K in Stolen Games, a $5M Crypto Blunder, and a Very Bad Week for Internet Security

This week in cybersecurity: stolen PlayStation accounts, AI chat transcripts sold by data brokers, tax-season scams, deepfake ...
WECT

Hackers steal nearly $488K from Town of Carolina Beach in dual cyberattacks

CAROLINA BEACH, N.C. (WECT) - Town officials announced that nearly $500,000 was stolen from Carolina Beach during two cyberattacks in December. Officials said hackers stole approximately $487,994.80 ...
Tom's Guide

A new spyware called ZeroDayRat can take over your iPhone or Android via text — here is how to stay safe

Samsung Phones Samsung Galaxy S26 just got a new tool to protect you from scam calls and texts — here's how it works iPhones iOS 26.4 beta 2 now lets iPhones send encrypted RCS messages to Android — ...
NBC New York

Olympic ski jumpers might be using penis injections to fly further, report alleges

Let the games of inches begin. The German newspaper Bild reported in January that some male athletes may be injecting hyaluronic acid into their penises to fly further while competing at the 2026 ...
Reuters

Chinese-linked hackers target US entities with Venezuelan-themed malware

Mustang Panda uses Venezuela-themed phishing emails for cyberespionage Acronis uncovers malware linked to Mustang Panda operations Malware targets US government, policy-related entities, researchers ...
GitHub

Jellyfin Plugin - JavaScript Injector

Multiple Scripts: Add as many custom JavaScript snippets as you want. Organized UI: Each script is managed in its own collapsible section, keeping your configuration clean and easy to navigate. Enable ...
Forbes

Hackers Unredact Epstein Files — What You Need To Know

The Epstein files have been hacked. Updated December 26 with previous examples of PDF document redaction failures, as well as warnings about malware associated with some Epstein Files distributions ...
financefeeds

Hacker nutzen JavaScript-Bibliothek aus, um Krypto-Wallet-Drainer einzusetzen

Hacker haben Exploited a flaw in the React JavaScript library to inject code that drains crypto wallets onto websites, primarily on kryptowährung platforms. The React team released a patch on December ...